package com.xxwy.ddu.security.app.config;

import com.xxwy.ddu.security.app.config.handler.AppAuthenticationFailureHandler;
import com.xxwy.ddu.security.app.config.handler.AppAuthenticationSuccessHandler;
import com.xxwy.ddu.security.app.social.openid.OpenIdAuthenticationSecurityConfig;
import com.xxwy.ddu.security.code.authonrize.AuthorizeConfigManager;
import com.xxwy.ddu.security.code.config.SmsCodeAuthenticationConfig;
import com.xxwy.ddu.security.code.properties.SecurityConstants;
import com.xxwy.ddu.security.code.properties.SecurityProperties;
import com.xxwy.ddu.security.code.vaildatecode.config.ValidateCodeSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.social.security.SpringSocialConfigurer;

/**
 * @author xxwy
 * on 2018/8/28 0028
 */
@EnableResourceServer
@Configuration
public class AppResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    AppAuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    AppAuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    SecurityProperties securityProperties;

    @Autowired
    ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired
    SmsCodeAuthenticationConfig smsCodeAuthenticationConfig;

    @Autowired
    private SpringSocialConfigurer xxSocialConfigurer;

    @Autowired
    private OpenIdAuthenticationSecurityConfig openIdAuthenticationSecurityConfig;

    @Autowired
    private AuthorizeConfigManager authorizeConfigManager;


    @Override
     public void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .usernameParameter("user").passwordParameter("pwd")
                .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)                      // 登录页面回调
                .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)        // 自定义的登录接口
                .successHandler(authenticationSuccessHandler)                                 // 认证成功回调
                .failureHandler(authenticationFailureHandler);
        //加上验证码的校验
        http.apply(validateCodeSecurityConfig).and()
                .apply(smsCodeAuthenticationConfig).and()
                .apply(xxSocialConfigurer).and()
                .apply(openIdAuthenticationSecurityConfig).and()
                .csrf().disable();
        authorizeConfigManager.config(http.authorizeRequests());
    }

}
